From: Martin Schwidefsky Date: Sun, 30 Oct 2011 14:16:08 +0000 (+0100) Subject: [S390] memory leak with RCU_TABLE_FREE X-Git-Tag: firefly_0821_release~3680^2~4253^2~49 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e73b7fffe487c315fd1a4fa22282e3362b440a06;p=firefly-linux-kernel-4.4.55.git [S390] memory leak with RCU_TABLE_FREE The rcu page table free code uses a couple of bits in the page table pointer passed to tlb_remove_table to discern the different page table types. __tlb_remove_table extracts the type with an incorrect mask which leads to memory leaks. The correct mask is ((FRAG_MASK << 4) | FRAG_MASK). Cc: stable@kernel.org Signed-off-by: Martin Schwidefsky --- diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c index 5d56c2b95b14..529a08838376 100644 --- a/arch/s390/mm/pgtable.c +++ b/arch/s390/mm/pgtable.c @@ -662,8 +662,9 @@ void page_table_free_rcu(struct mmu_gather *tlb, unsigned long *table) void __tlb_remove_table(void *_table) { - void *table = (void *)((unsigned long) _table & PAGE_MASK); - unsigned type = (unsigned long) _table & ~PAGE_MASK; + const unsigned long mask = (FRAG_MASK << 4) | FRAG_MASK; + void *table = (void *)((unsigned long) _table & ~mask); + unsigned type = (unsigned long) _table & mask; if (type) __page_table_free_rcu(table, type);